@0xdsqr 0xdsqr commented Oct 31, 2025

Issue # (if applicable)

Closes #35910


Reason for this change

The L1 CfnRecordSet supports the Failover property, allowing users to define PRIMARY and SECONDARY record sets for Route 53 failover routing policies. However, this capability was not exposed at the L2 RecordSet level.
This enhancement introduces first-class support for failover routing in the L2 construct, simplifying configuration and validation for high-availability DNS setups.

Before (L1 override):

const record = new route53.ARecord(this, 'ARecord', {
  zone,
  target: route53.RecordTarget.fromAlias(
    new
  )
});
const cfnRecord = record.node.defaultChild as route53.CfnRecordSet;
cfnRecord.addPropertyOverride('Failover', 'PRIMARY');

After (L2 support):

new route53.ARecord(this, 'ARecord', {
  zone,
  target: route53.RecordTarget.fromIpAddresses('1.2.3.4'),
  healthCheck: myHealthCheck,
  failover: route53.Failover.PRIMARY,
});

Description of changes

  • Added failover?: 'PRIMARY' | 'SECONDARY' to RecordSetProps and RecordSetOptions. Enables users to define primary and secondary record sets directly in the L2 construct.
  • Propagated failover to the synthesized CloudFormation template via CfnRecordSet.Failover.
  • Added validation rules:
    • Prevent combining failover with other routing policies (region, weight, geoLocation, multiValueAnswer, or cidrRoutingConfig).
    • Warn when a PRIMARY failover record set does not specify a healthCheck.
    • For alias records with failover, automatically warn if EvaluateTargetHealth is not set to true, aligning with Route 53 best practices.
  • Enhanced setIdentifier generation:
    Automatically derives a deterministic identifier prefix (FAILOVER_PRIMARY_ID_ / FAILOVER_SECONDARY_ID_) for failover record sets.
  • Added new unit tests validating:
    • Proper synthesis of Failover and HealthCheckId fields.
    • Expected behavior and warnings for missing health checks.
    • Alias target warnings for missing EvaluateTargetHealth.
    • Error handling when failover is combined with other routing policies.

This aligns with Route 53’s documented behavior:

When the primary record set is unhealthy and the secondary is healthy, Route 53 responds using the secondary record.
If the primary is healthy, Route 53 always prefers it. Alias failover records require EvaluateTargetHealth = true.

Reference: Amazon Route 53 Developer Guide — Failover Routing

Describe any new or updated permissions being added

None — this change only affects construct synthesis and validation logic.

Description of how you validated changes

  • Added comprehensive unit tests in record-set.test.ts.
  • Validated synthesized CloudFormation output for both PRIMARY and SECONDARY failover configurations.
  • Manually deployed a sample stack containing paired failover records and confirmed expected Route 53 behavior and DNS failover switching.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
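
A template-level check for the validation rules listed in this description, as an added example that is not part of the pull request or the CDK code base: it inspects AWS::Route53::RecordSet resources in a synthesized CloudFormation template, so it also covers records whose Failover was set through an L1 property override. The function name lintFailover and the sample template are assumptions constructed for illustration.

```typescript
// Added example (not the PR's code): lint a synthesized template's
// AWS::Route53::RecordSet resources against the failover rules listed above.
type Props = Record<string, any>;
interface Template { Resources: Record<string, { Type: string; Properties: Props }>; }

// CloudFormation properties for the routing policies the PR says cannot be mixed with Failover.
const OTHER_POLICIES = ['Region', 'Weight', 'GeoLocation', 'MultiValueAnswer', 'CidrRoutingConfig'];

function lintFailover(template: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== 'AWS::Route53::RecordSet') continue;
    const p = res.Properties;
    if (p.Failover === undefined) continue; // not a failover record
    if (p.Failover !== 'PRIMARY' && p.Failover !== 'SECONDARY') {
      findings.push(`${id}: unknown Failover value`);
      continue;
    }
    const mixed = OTHER_POLICIES.filter((k) => p[k] !== undefined);
    if (mixed.length > 0) findings.push(`${id}: Failover combined with ${mixed.join(', ')}`);
    if (p.Failover === 'PRIMARY' && p.HealthCheckId === undefined) {
      findings.push(`${id}: PRIMARY without HealthCheckId`);
    }
    if (p.AliasTarget !== undefined && p.AliasTarget.EvaluateTargetHealth !== true) {
      findings.push(`${id}: alias failover record without EvaluateTargetHealth = true`);
    }
  }
  return findings;
}

// Constructed sample template; logical IDs and values are made up for illustration.
const SAMPLE: Template = {
  Resources: {
    GoodPrimary: { Type: 'AWS::Route53::RecordSet', Properties: {
      Name: 'app.example.com.', Type: 'A', Failover: 'PRIMARY', SetIdentifier: 'primary',
      HealthCheckId: { Ref: 'HealthCheck' }, ResourceRecords: ['192.0.2.10'], TTL: '60' } },
    OverriddenPrimary: { Type: 'AWS::Route53::RecordSet', Properties: {
      Name: 'api.example.com.', Type: 'A', Failover: 'PRIMARY', SetIdentifier: 'p', Weight: 10,
      ResourceRecords: ['192.0.2.20'], TTL: '60' } },
    AliasSecondary: { Type: 'AWS::Route53::RecordSet', Properties: {
      Name: 'app.example.com.', Type: 'A', Failover: 'SECONDARY', SetIdentifier: 'secondary',
      AliasTarget: { DNSName: 'standby.example.net.', HostedZoneId: 'ZEXAMPLE' } } },
    PlainRecord: { Type: 'AWS::Route53::RecordSet', Properties: { Name: 'www.example.com.', Type: 'A' } },
  },
};
```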

@github-actions github-actions bot added the p2 label Oct 31, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team October 31, 2025 15:23
@github-actions github-actions bot added the beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK label Oct 31, 2025

@aws-cdk-automation aws-cdk-automation left a comment

(This review is outdated)

@github-actions github-actions bot added the feature-request A feature should be added or improved. label Oct 31, 2025

@badmintoncryer badmintoncryer left a comment

Thank you for your contribution! I've added some minor comments.

Comment on lines +411 to +419
if (props.failover === Failover.PRIMARY && !props.healthCheck) {
Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:primaryFailoverHealthCheck', 'PRIMARY failover record sets should include a health check for proper failover behavior');
}
if (props.failover && props.target.aliasTarget) {
const aliasTargetConfig = props.target.aliasTarget.bind(this, props.zone);
if (aliasTargetConfig && aliasTargetConfig.evaluateTargetHealth !== true) {
Annotations.of(this).addWarningV2('@aws-cdk/aws-route53:failoverAliasEvaluateTargetHealth', 'Failover alias record sets should include EvaluateTargetHealth = true for proper failover behavior.');
}
}
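
Review bot: the first check, props.failover === Failover.PRIMARY && !props.healthCheck, does not look at props.target.aliasTarget, so a PRIMARY alias record that sets evaluateTargetHealth to true but has no separate health check still gets the primaryFailoverHealthCheck warning, while the second check treats EvaluateTargetHealth as the health signal for alias records. Consider skipping the first warning for alias targets, or saying in its message that it applies to alias records too. The second check also calls props.target.aliasTarget.bind(this, props.zone) only to read evaluateTargetHealth; if the constructor binds the alias target elsewhere, reuse that result instead of binding a second time. The two warning messages also differ in trailing punctuation: only the second ends with a period.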

Is my understanding correct that these settings allow deployment itself, but are not recommended configurations?


I thought that a health check for the primary record is essential.

@badmintoncryer

Could you please execute integ test and add snapshot files?

@0xdsqr 0xdsqr force-pushed the 0xdsqr/route53-record-set-failover branch from 9900ca7 to d0de209 Compare November 3, 2025 18:07
@aws-cdk-automation aws-cdk-automation dismissed their stale review November 3, 2025 18:09

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

Successfully merging this pull request may close these issues.

feat(route53): add failover routing support to RecordSet L2 construct
